Remote Administration of NB16WV-02

All other technical assistance queries (General technical issues, IPv6. P2P, News groups, etc)

Remote Administration of NB16WV-02

Postby Daniel Simpson on Fri Feb 20, 2015 1:27 pm

Hello,

I found the below instruction in the Netcomm Manual but I'm not sure it applies to what I want to do.

Option
Remote Administrator Host/Port

Definition
Normally only Intranet users can browse the built-in web pages to perform administration tasks. This feature enables you to perform administration tasks from a remote host. If this feature is enabled, only the specified IP address can perform remote administration.

Note: If the specified IP address is 0.0.0.0, any host can connect to the router to perform administration tasks. You can also use a subnet mask (/nn) to specify a group of trusted IP addresses for example, "10.1.2.0/24".

When Remote Administration is enabled, the web server port will be shifted to 80.

WHAT I WANT TO DO:

I want to be able to initiate a 'reboot' from the Tools menu of my Netcomm NB16WV-02 modem from ouside the INTRANET.

The INTERNET Service is provisioned to this device by Exetel through an NBN Wireless connection through an Ethernet WAN interface.

Accordingly I would appreciate guidance and advice on how to do this.

So far, I have done the following under the menu - Security Settings - Miscellaneous:

Remote Administration - SETTINGS 0.0.0.0 /0 :80 Tick "ENABLED"

(1) Is the Settings information that I entered correct for what I want to do?
(2) How does the address look from outside the Intranet eg: 115.70.92.xxx/192.168.20.1:80/index.htm
(3) Will this routing get me from the Internet into my Exetel IP address and on to the Netcomm or is the syntax wrong here??

Thank you in advance for any assistance.

Daniel

Note that as per the instruction in the manual, the 0.0.0.0 is entered because I do not yet know the remote IP address from which I will be doing the Administration.
Daniel Simpson
 
Posts: 10
Joined: Tue Feb 01, 2011 10:07 am
Location: Bonville, NSW

Re: Remote Administration of NB16WV-02

Postby Dazzled on Fri Feb 20, 2015 2:59 pm

My preference would be to command the router from the inside on the telnet interface. That way I'd be running the security, and nobody could spoof anything. That machine would be always listening.

The intention of the Netcomm setting is to make the browser login page face outside, rather than just inside. You had better have a pretty good password, because port 80 does get scanned. All you do, from outside, is point your browser to your IP at 115.70.x.x. Browsers default to port 80. The NAT function will interfere with your trying to do this from inside. The outside world knows nothing of 192.168.x.x addresses, they are a secret known only to the router.

You don't really want the world and his wife doing this, so do change the filter so that the router only responds only to the fixed IP address. An attacker would have to know that address.
User avatar
Dazzled
Volunteer Site Admin
 
Posts: 6521
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Remote Administration of NB16WV-02

Postby Daniel Simpson on Sat Feb 21, 2015 12:18 pm

Yes, thank you again for the very good advice. I had (in fact) already changed the User Name and inserted an 8 character password with alpha-numeric and mixed caps etc. (probably represents a "good" only level of security). The Netcomm modem only offers the 8 digits of password otherwise I would have gone beyond that number.

I'm not sure how to implement your "Telnet internal" suggestion and would like to explore that a bit further if I may..

I have only the VOIP access telephone number based upon the Exetel/NBN Wireless service and the standard Exetel VOIP offering. Using this combination, is there a way to get into the Netcomm from externally and then access the LOGIN? In the mean time, I have disabled the port 80 LOGIN access to the Netcomm since it had interfered with my (previously solved) access to the CCTV System.

In summary, the objective is to access the Netomm (for Administrator actions) PLUS two NVR Devices. Everything wants to present through Port 80.
Question:
I have assigned Port Forwarding as 81 & 82 within the Netcomm to the NVR devices (#1 and #2) but have not yet tested this from outside the Intranet for outward looking access to their respective LOGIN screens.

For info, the NVRs software also does offer ability to change the INTERNET Port 80 assignment to a different number and also allows reassignment of the CLIENT Port 9000 parameter. In fact, I have already re-assigned the second NVR device as Client 9001 to enable concurrent viewing of the camera video - INTRANET viewing at home, for example. Opinions and advice as always much appreciated.
Cheers
Dan
Daniel Simpson
 
Posts: 10
Joined: Tue Feb 01, 2011 10:07 am
Location: Bonville, NSW

Re: Remote Administration of NB16WV-02

Postby Dazzled on Sat Feb 21, 2015 4:14 pm

I would run an NVR setup with zoneminder myself, and save a lot of work and dollars. http://www.zoneminder.com/ It requires a Linux distro to run on, which could even be on a self-booting USB stick if you wish.

I don't have an NB16WV to play with, so to investigate the telnet option, in a terminal try the command telnet 192.168.1.1 and see what it says in response. I would hope to receive an escape character message and the device name. If you can then log in as admin, type ? for a list of common commands. Most Netcomms include reboot. If so, execute it from the telnet prompt and watch. If you are running Windows you might have to enable telnet (they hide it by default). Linux and Apple are not so obtuse.

If the telnet reboot works, you can script/batch the commands you just typed including a 1 second pause between each one. If that works, you now need to add instructions to listen for a secure login from outside or else get some suitable software to call your script/batch file. Port forward the modem.

There's possibly another way. The Netcomm is enabled for remote SNMP. You'll need some research on this one, as it is rather arcane, but it allows for external logging of the modem and setting of variables that could lead to a reboot. Best done with software, like an MIB browser.
User avatar
Dazzled
Volunteer Site Admin
 
Posts: 6521
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney

Re: Remote Administration of NB16WV-02

Postby Daniel Simpson on Wed Feb 25, 2015 3:34 pm

Thank you. I have pursued the Telnet option to contact my modem from outside my LAN by adding TELNET to my windows features - it was successful to this point.

I also enabled a port forward - TELNET (23) port forqwarding menu of the Netcomm modem to IP 192.168.1.1.

The result was as follows invoking the command from within the cmd prompt:

"Microsoft Telnet>open 192.168.1.1
Connecting to 192.168.1.1...Could not open connection to the host, on port 23. Connect failed."

This result was obtained both from within my LAN and when using an INTERNET access from outside the LAN.

Can you see what I have done wrong here?

Appreciate more guidance.

Cheers
Dan
Daniel Simpson
 
Posts: 10
Joined: Tue Feb 01, 2011 10:07 am
Location: Bonville, NSW

Re: Remote Administration of NB16WV-02

Postby Dazzled on Wed Feb 25, 2015 7:42 pm

Close external telnet access now. It is far too easily hacked. Port scans for 23 are common, and you can guess what comes if it is found open. You have port forwarded the router to itself, not to a LAN computer.

You can't access yourself using your external address - the router firewall should prevent it.

If you did not get a connect to the router from within the LAN, then the router has denied you access. That needs to be opened, and you may have to talk to Netcomm to see if there are any tricks. I can't find a mention in the manual. Most Netcomm products have an enable switch in the browser config.

It's complex stuff, but the router does provide for external SNMP. You will find that suitable software at the remote site is welcome. Otherwise, I'd personally still use zoneminder/mySQL/PHP. There are equivalents.
User avatar
Dazzled
Volunteer Site Admin
 
Posts: 6521
Joined: Mon Nov 13, 2006 1:16 pm
Location: Sydney


Return to Other

Who is online

Users browsing this forum: No registered users and 2 guests

cron